22 matches found
CVE-2009-4515
The Storm module for Drupal (6.x before 6.x-1.25) does not enforce privilege requirements for storminvoiceitem nodes, allowing remote attackers to read node titles via unspecified vectors. This affects confidentiality (partial). No exploit details are provided in the documents. Remediation: upgra...
SA-CONTRIB-2009-089 - Storm - Access Bypass
The Storm module provides a project management application for Drupal. The module suffers a vulnerability whereby nodes of type 'storminvoiceitem' are not respecting the expected access permissions, potentially exposing the node title to unauthorized users. Versions affected Versions of Storm for...